Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8dd16750 by security tracker role at 2023-05-29T08:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2023-33291 (In ebankIT 6, the public endpoints 
/public/token/Email/generate and /p ...)
+       TODO: check
+CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when 
a crafte ...)
+       TODO: check
+CVE-2023-31873 (Gin 0.7.4 allows execution of arbitrary code when a crafted 
file is op ...)
+       TODO: check
+CVE-2023-2955 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-2954 (Cross-site Scripting (XSS) - Stored in GitHub repository 
liangliangyy/ ...)
+       TODO: check
+CVE-2021-4336 (A vulnerability was found in ITRS Group monitor-ninja up to 
2021.11.1. ...)
+       TODO: check
 CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian 
Popescu You ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Easy Goog ...)
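Review bot: all six entries added at the top of this hunk land as "TODO: check", and for CVE-2023-31873 the product is not identifiable from the name: "Gin 0.7.4" is a name shared by more than one project, and the truncated description ("execution of arbitrary code when a crafted file is op ...") does not say which. Read the full CVE record before matching it to a source package or marking it NOT-FOR-US. CVE-2021-4336 is also a 2021 id sitting in the newest block, so a year-based search of the list will not find it near its numeric neighbours.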
@@ -724,7 +736,7 @@ CVE-2023-2757 (The Waiting: One-click countdowns plugin for 
WordPress is vulnera
        NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
 CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote 
Code Exe ...)
        NOT-FOR-US: Umbraco CMS
-CVE-2023-32763
+CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.9, and 6. ...)
        - qt6-base 6.4.2+dfsg-8
        - qtbase-opensource-src 5.15.8+dfsg-10
        - qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
@@ -733,7 +745,7 @@ CVE-2023-32763
        NOTE: 
https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/476490
        NOTE: https://bugreports.qt.io/browse/QTBUG-113337
-CVE-2023-32762
+CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 
6.2.9, and 6. ...)
        - qt6-base 6.4.2+dfsg-9
        - qtbase-opensource-src 5.15.8+dfsg-10
        - qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
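Review bot: the descriptions added for the two Qt entries give different upstream fix points on the 5.15 branch ("before 5.15.15" for CVE-2023-32763 in the previous hunk, "before 5.15.14" here), yet both entries record qtbase-opensource-src 5.15.8+dfsg-10 as the fixed version, while qt6-base differs (6.4.2+dfsg-8 against 6.4.2+dfsg-9). That is consistent with backported patches, but it is worth confirming against the package changelog that -10 carries both fixes, since the description text is now the only place the upstream versions appear.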
@@ -4434,8 +4446,7 @@ CVE-2022-48439
        RESERVED
 CVE-2022-48438
        RESERVED
-CVE-2023-30570 [Incorrect aggressive mode interaction causes the pluto daemon 
to crash]
-       RESERVED
+CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service 
(responder S ...)
        - libreswan <unfixed> (bug #1035542)
        NOTE: https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
        NOTE: https://github.com/libreswan/libreswan/issues/1039
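Review bot: the libreswan line stays at "<unfixed> (bug #1035542)" while the new description names "Libreswan before 4.11" as the affected range, so the entry now documents an upstream fix with no Debian fixed version. Track this for a follow-up once a fixed upload exists. The removed bracketed summary ("Incorrect aggressive mode interaction causes the pluto daemon to crash") was more specific than the truncated description that replaces it; consider preserving that detail in a NOTE line.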
@@ -5079,8 +5090,8 @@ CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3 
V11.10.00.2211041355 was
        NOT-FOR-US: Tenda
 CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 
was discov ...)
        NOT-FOR-US: Tenda
-CVE-2023-30350
-       RESERVED
+CVE-2023-30350 (FS S3900-24T4S devices allow authenticated attackers with 
guest access ...)
+       TODO: check
 CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code 
execution (R ...)
        NOT-FOR-US: JFinal CMS
 CVE-2023-30348
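Review bot: CVE-2023-30350 moves from RESERVED to "TODO: check", and the description refers to "FS S3900-24T4S devices". The neighbouring device entries (CVE-2023-30351, CVE-2023-30352) are already resolved as "NOT-FOR-US: Tenda"; if this one is likewise vendor device firmware, it should get a NOT-FOR-US line naming the vendor rather than remain open.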
@@ -7512,8 +7523,7 @@ CVE-2023-29382
        RESERVED
 CVE-2023-29381
        RESERVED
-CVE-2023-29380
-       RESERVED
+CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via 
directory trav ...)
        NOT-FOR-US: Warpinator
 CVE-2023-29379
        RESERVED
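Review bot: the "NOT-FOR-US: Warpinator" disposition on CVE-2023-29380 was recorded while the entry was still RESERVED and is kept unchanged now that a description exists ("remote file deletion via directory traversal", fixed in 1.6.0). Re-verify that no source package in the archive or in the ITP/RFP queue ships Warpinator, because a NOT-FOR-US line will hide the issue from later package tracking.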
@@ -8367,9 +8377,9 @@ CVE-2023-29081
 CVE-2023-29080
        RESERVED
 CVE-2023-29079
-       RESERVED
+       REJECTED
 CVE-2023-29078
-       RESERVED
+       REJECTED
 CVE-2023-29077
        RESERVED
 CVE-2023-29076
@@ -11776,8 +11786,8 @@ CVE-2023-1358 (A vulnerability, which was classified as 
critical, was found in S
        NOT-FOR-US: SourceCodester Gadget Works Online Ordering System
 CVE-2023-1357 (A vulnerability, which was classified as critical, has been 
found in S ...)
        NOT-FOR-US: SourceCodester Simple Bakery Shop Management System
-CVE-2023-28153
-       RESERVED
+CVE-2023-28153 (An issue was discovered in the Kiddoware Kids Place Parental 
Control a ...)
+       TODO: check
 CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 
1.1.110. The A ...)
        NOT-FOR-US: Independentsoft JWord
 CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 
1.1.110 ...)
@@ -21956,24 +21966,24 @@ CVE-2023-24607 (Qt before 6.4.3 allows a denial of 
service via a crafted string
        NOTE: 
https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
 CVE-2023-24606
        RESERVED
-CVE-2023-24605
-       RESERVED
-CVE-2023-24604
-       RESERVED
-CVE-2023-24603
-       RESERVED
-CVE-2023-24602
-       RESERVED
-CVE-2023-24601
-       RESERVED
-CVE-2023-24600
-       RESERVED
-CVE-2023-24599
-       RESERVED
-CVE-2023-24598
-       RESERVED
-CVE-2023-24597
-       RESERVED
+CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA 
for all  ...)
+       TODO: check
+CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP 
header le ...)
+       TODO: check
+CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size 
limits wh ...)
+       TODO: check
+CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data 
to the T ...)
+       TODO: check
+CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a 
non-app dee ...)
+       TODO: check
+CVE-2023-24600 (OX App Suite before backend 7.10.6-rev37 allows authenticated 
users to ...)
+       TODO: check
+CVE-2023-24599 (OX App Suite before backend 7.10.6-rev37 allows authenticated 
users to ...)
+       TODO: check
+CVE-2023-24598 (OX App Suite before backend 7.10.6-rev37 has an information 
leak in th ...)
+       TODO: check
+CVE-2023-24597 (OX App Suite before frontend 7.10.6-rev24 allows the loading 
(without  ...)
+       TODO: check
 CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor 
prior to 2. ...)
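Review bot: the nine entries CVE-2023-24597 through CVE-2023-24605 all concern OX App Suite (backend 7.10.6-rev37 or frontend 7.10.6-rev24) and each gets its own "TODO: check". They should be triaged as one batch with a single consistent disposition, so that the list does not end up with some of them resolved and others left open for the same product.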
@@ -39527,8 +39537,8 @@ CVE-2022-45374
        RESERVED
 CVE-2022-45373
        RESERVED
-CVE-2022-45372
-       RESERVED
+CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer 
Product Ga ...)
+       TODO: check
 CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet 
ShopEngine pl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45370
@@ -70951,8 +70961,8 @@ CVE-2022-34149 (Authentication Bypass vulnerability in 
miniOrange WP OAuth Serve
        NOT-FOR-US: WordPress plugin
 CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-33974
-       RESERVED
+CVE-2022-33974 (Cross-Site Request Forgery (CSRF) vulnerability in Smash 
Balloon Custo ...)
+       TODO: check
 CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities 
in Osama ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Wasp ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd167502790737d84f4063c7dc6eab7936f2d54



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
